- name: Install MySQL module for Ansible
  ansible.builtin.apt:
    name: python3-pymysql
    state: present

- name: Create Gitea database
  community.mysql.mysql_db:
    name: "{{ gitea.DB_NAME }}"
    state: present
    login_unix_socket: /var/run/mysqld/mysqld.sock

- name: Create Gitea database user
  community.mysql.mysql_user:
    name: "{{ gitea.DB_USER }}"
    password: "{{ gitea.DB_PASSWD }}"
    host: '%'
    state: present
    priv: "{{ gitea.DB_NAME }}.*:ALL"
    login_unix_socket: /var/run/mysqld/mysqld.sock

- name: Create git's .ssh directory
  ansible.builtin.file:
    path: /home/git/.ssh
    mode: "700"
    state: directory

- name: Generate git's SSH keys
  community.crypto.openssh_keypair:
    path: /home/git/.ssh/id_rsa

- name: Find git's public SSH key
  ansible.builtin.slurp:
    src: /home/git/.ssh/id_rsa.pub
  register: git_rsapub

- name: Get stats on git's authorized_keys file
  ansible.builtin.stat:
    path: /home/git/.ssh/authorized_keys
  register: git_authkeys

- name: Create git's authorized_keys file
  ansible.builtin.file:
    path: /home/git/.ssh/authorized_keys
    mode: "600"
    state: touch
  when: not git_authkeys.stat.exists

- name: Add git's public SSH key to authorized_keys
  ansible.builtin.lineinfile:
    path: /home/git/.ssh/authorized_keys
    regex: "^ssh-rsa"
    line: "{{ git_rsapub['content'] | b64decode }}"

- name: Create Gitea host script for SSH
  ansible.builtin.template:
    src: gitea.sh.j2
    dest: /usr/local/bin/gitea
    mode: "755"

- name: Create Gitea's logging directory
  ansible.builtin.file:
    name: /var/log/gitea
    state: directory
    mode: "755"

- name: Install Gitea's Fail2ban filter
  ansible.builtin.template:
    src: fail2ban-filter.conf.j2
    dest: /etc/fail2ban/filter.d/gitea.conf
    mode: "644"
  notify: restart_fail2ban

- name: Install Gitea's Fail2ban jail
  ansible.builtin.template:
    src: fail2ban-jail.conf.j2
    dest: /etc/fail2ban/jail.d/gitea.conf
    mode: "640"
  notify: restart_fail2ban